Almost half of financial services companies have experienced a cyberattack in the past 12 months, according to research by Ponemon Institute and cybersecurity firm Keeper Security.

The survey of 2,391 IT and IT security practitioners in the US and Europe found that more than two thirds (69%) of companies had experienced a cyberattack at some point during their lifetime.

Respondents said cyberattacks were becoming more targeted, more severe, and more sophisticated.

“The financial services sector is in the midst of a pivotal era of disruption, but transformation should not come at the expense of cybersecurity,” said Darren Guccione, CEO of Keeper Security. “As a highly regulated industry, it’s imperative that firms don’t let cybercriminals fill the gaps.”

He warned that the majority of companies were “still not going far enough” to prevent future security breaches.

Half of respondents said they did not believe their company had enough resources – whether personnel or budget – to support strong cybersecurity, and 47% said they did not have a formal plan in place for responding to an attack.

Just over a third (39%) of representatives of financial services firms said their security position was “very effective”.

The research follows similar findings from the Association for Financial Professionals, which last month reported that 81% of companies it surveyed had been targeted by payment fraud attacks in 2019.

The Ponemon/Keeper research found that a data breach at a financial services company compromised on average 7,095 customer and employee records and cost more than $1 million on average from the disruption of operations.

The most common types of attack, according to the research, were ‘phishing’ attacks, followed by ‘web-based attacks’.

The research also raised questions over the effectiveness of traditional security measures. More than two thirds (69%) of respondents said attackers or malware had been able to evade their company’s intrusion detection systems in the past 12 months, while 84% said their anti-virus solutions had been bypassed in some way.

The increased use of mobile devices “diminishes” the security position of companies, according to 49% of respondents – a finding made all the more relevant by the enforcement of remote working across much of the US in the past two months.

In an article for Banking Exchange in March this year, Fortinet deputy chief information security officer Renee Tarun urged financial services companies to “marry security and performance by implementing tools and policies that emphasize flexibility, compliance, operational efficiency and visibility”. Adopting cloud computing and sophisticated digital infrastructure were also crucial, she said.